I was tasked with building a scalable and repeatable provisioning system for a client which included CE routers and access switches across a central HQ and multiple branch offices. Each site supported local VLANs for departmental segmentation and required dynamic routing via BGP to the service provider MPLS core.
I developed a modular Ansible-based automation framework. I created a clean directory structure using role-based separation per site and per device type. This allowed for logical scoping of tasks, variables and made the system easy to scale as new sites were added.
The inventory was defined statically in hosts.yml, with clear grouping for HQ and branch devices. Using Ansible network_cli with cisco.ios modules, I automated:
Interface configuration using looped templates from structured YAML variables
- BGP session setup with primary and secondary ISPs
- VLAN route advertisement under each BGP process
Each device role included:
- A tasks/main.yml file for interface and BGP configuration
- A vars/main.yml file for block-style variables (interfaces, VLANs, neighbors)
The Ansible playbook playbook.yml targeted each device type by role and applied configurations using idempotent tasks with save_when: always to ensure persistence in NVRAM.
As a result:
- CE routers and switches at HQ and branches were fully provisioned with consistent, reusable templates
- BGP peering with PE routers were established successfully.
- VLAN subnets were correctly advertised to the MPLS core.
- The design allowed centralized control, automation at scale, and future expansion without manual rework.
This provisioning system brought clarity, structure, and maintainability to the entire deployment lifecycle.
Top comments (0)